CVE-2023-6843: 
WordPress vulnerability analysis and mitigation

CVE-2023-6843 affects the easy.jobs WordPress plugin versions before 2.4.7. The vulnerability was discovered by Krzysztof Zając from CERT PL and was publicly disclosed on December 22, 2023. This security issue impacts the Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg WordPress plugin (WPScan).

The vulnerability is classified as an Access Control issue (CWE-284) with a CVSS v3.1 base score of 4.3 (Medium). The security flaw stems from improperly secured AJAX actions in the plugin, which fails to implement proper authorization checks. The vulnerability is related to the OWASP Top 10 category A5: Broken Access Control (WPScan, NVD).

The vulnerability allows any authenticated user, including those with low-privilege roles such as subscribers, to modify the plugin's settings. This unauthorized access to settings modification could potentially lead to configuration changes that affect the job board functionality and company information (WPScan).

The vulnerability has been fixed in version 2.4.7 of the easy.jobs plugin. Users are advised to update to this version or newer to mitigate the security risk (WPScan).